﻿
using Moq;
using System.Security.Claims;

#pragma warning disable S3261 // Namespaces should not be empty
namespace DX.TestProject
{
    /*
    public class Test1
    {

        [Fact]
        public void CheckAccess_WithMatchingPolicy_ReturnsCorrectResult()
        {



            var manager = new AbacAccessControlManager(MockDb(), MockCache());

            var request = new AccessRequest
            {
                Subject = new Subject
                {
                    Identity = new ClaimsIdentity(new[]
                {
                new Claim("role", "user"),
                new Claim("department", "IT")
            })
                },
                Resource = new ResourceDescriptor(new[]
                {
                new Claim("category", "confidential"),
                new Claim("department", "IT")
            }),
                Action = "read"
            };

            // Act
            var result = manager.CheckAccess(request);

            // Assert
            Assert.True(result);

        }

        private static ICacheProvider MockCache()
        {
            // Arrange
            var mockCache = new Mock<ICacheProvider>();
            var policy = new AbacPolicy
            {
                SubjectClaims = new[] {
            new Claim("role", "user"),
            new Claim("department", "IT")
        },
                ResourceClaims = new[] {
            new Claim("category", "confidential")
        },
                Action = "read",
                IsAllowed = true
            };
            var policies = new List<AbacPolicy>
        {
           policy
        };
            mockCache.Setup(c => c.TryGet(It.IsAny<string>(), out policies)).Returns(true);
            mockCache.Setup(c => c.Set(It.IsAny<string>(), It.IsAny<List<AbacPolicy>>(), It.IsAny<TimeSpan>()));
            //      mockCache.Verify(c => c.Set("AbacPolicies", It.IsAny<List<AbacPolicy>>(), It.IsAny<TimeSpan>()), Times.Once);
            return mockCache.Object;
        }

        [Fact]
        public void CheckAccess_WithNonMatchingPolicy_ReturnsFalse()
        {



            var manager = new AbacAccessControlManager(MockDb(), MockCache());

            var request = new AccessRequest
            {
                Subject = new Subject
                {
                    Identity = new ClaimsIdentity(new[]
                {
                new Claim("role", "user")
            })
                },
                Resource = new ResourceDescriptor(new[]
                {
                new Claim("category", "confidential")
            }),
                Action = "read"
            };

            // Act
            var result = manager.CheckAccess(request);

            // Assert
            Assert.False(result);
        }

        [Fact]
        public void CheckAccess_WithMultiplePolicies_ReturnsFirstMatch()
        {
            // Arrange

            var manager = new AbacAccessControlManager(MockDb(), MockCache());

            var request = new AccessRequest
            {
                Subject = new Subject
                {
                    Identity = new ClaimsIdentity(new[]
                {
                new Claim("role", "user")
            })
                },
                Resource = new ResourceDescriptor(new[]
                {
                new Claim("category", "confidential")
            }),
                Action = "read"
            };

            // Act
            var result = manager.CheckAccess(request);

            // Assert
            Assert.True(result);
        }

        private static IDatabaseProvider MockDb()
        {
            var mockDb = new Mock<IDatabaseProvider>();
            var policies = new List<AbacPolicy>
    {
        new AbacPolicy {
            SubjectClaims = new []{ new Claim("role", "user"), new Claim("department", "IT") } ,
            ResourceClaims = new []{ new Claim("category", "confidential"), new Claim("department", "IT") } ,
            Action = "read",
            IsAllowed = true
        }
    };
            mockDb.Setup(d => d.GetPolicies()).Returns(policies);
            return mockDb.Object;
        }



        [Fact]
        public void SubjectClaimMatch_WithMissingAttribute_ReturnsFalse()
        {
            // Arrange
            var claims = new List<Claim>
        {
            new Claim("role", "user")
        };
            var request = new AccessRequest
            {
                Subject = new Subject { Identity = new ClaimsIdentity(new[] { new Claim("role", "user") }) },
                Resource = new ResourceDescriptor(new[] { new Claim("category", "public") }) { AllowedActions = new[] { "read" } },
                Action = "read"
            };
            var manager = new AbacAccessControlManager(MockDb(), MemoryCacheProvider.Defalut());


            // Assert
            Assert.True(manager.CheckAccess(request));
        }

         ClaimsPrincipal CreateIdentity()
        {
            ClaimsIdentity identity = new ClaimsIdentity("my_Auth", "username", "role");
            identity.AddClaim(new Claim("username", "guo"));
            identity.AddClaim(new Claim("role", "admin"));
            identity.AddClaim(new Claim("department", "IT"));
            ClaimsPrincipal principal = new ClaimsPrincipal(identity);
            return principal;
        }
        [Fact]
        public void TestAbac()
        {
            var connectionString = "Data Source=abac.db;";
            var manager = AbacAccessControlManager.Sqlite(connectionString);

            var user = CreateIdentity();
            // 创建主体
            var subject = new Subject
            {
                Identity = user.Identity as ClaimsIdentity,

            };

            // 创建资源（带动作限制）
            var resource = new ResourceDescriptor(new[] {
            new Claim("category", "confidential"),
            new Claim("department", "IT")
        })
            {
                AllowedActions = new[] { "read", "view" } // 仅允许 read 和 view
            };

            // 创建访问请求
            var request = new AccessRequest
            {
                Subject = subject,
                Resource = resource,
                Action = "read"
            };

            // 检查权限
            var isAllowed = manager.CheckAccess(request);
            Console.WriteLine($"Access allowed: {isAllowed}"); // 输出: True
        }
    }*/
}
#pragma warning restore S3261 // Namespaces should not be empty
